Your laptop is infected with ransomware...

Moderator: Dux

Topic author
terra
Posts: 1318
Joined: Mon Feb 11, 2008 8:54 pm

Your laptop is infected with ransomware...

Post by terra »

Looking for IT knowledge on how to solve this one...
I am fairly technical minded but not super IT knowledgeable. Any help appreciated.

You can read the long version on how the problem happened below but here is the short(er) version of what I intend to do to sort it out...

I think my laptop may potentially have just been infected with one of those ransomware viruses*.
To mitigate any data loss, before the ransomware kicks in, I have just backed up all my data onto a large USB hard drive (NOT using Windows back-up facility, just manually copied and pasted the main data folders to the USB).

My laptop has been a bit slow anyway, and may have picked up other bugs here and there over the last 5 years, so it could probably do with a fresh 're-install' to its out-of-the-box settings. I can do this via the partitioned back-ups of Windows and Toshiba software that were originally loaded on the laptop's hard drive (Toshiba Satellite laptop with Windows 7).


The laptop is still working at the moment. So here's what I'm thinking of doing:
1) Formatting laptop to out-of-the-box settings.
2) Updating the Windows and antivirus programs etc.
3) Re-installing my data onto the 're-freshed' drive.

Question:
Will this ensure that my laptop is ransomware and bug free?
Do I need to quarantine/clean the data files BEFORE reloading it onto the laptop?
Are there any other steps I need to do, or info that can help?

Thanks in advance.



*How it happened.
I have been waiting for a package in the post that seems to be lost. Yesterday I contacted the sender and courier company to see where it was. They said they would email me with any info/solution. An email from "Australia Post" turned up in my inbox with a 'click here' link for info on a lost parcel...

I later found out that this particular email had NOTHING to do with my lost parcel, it was a random scam email. Further research through the real Australia Post and contacting others tells me it probably contained a form of ransomware (when clicking the link). The email did kind of feel dodgy but looked legit and the perfect timing fooled me. Talk about coincidence!
Anyhow, that's how the infection occurred, you've been warned.


Thanks again for any help.
What lies behind us and what lies before us are tiny matters compared to what lies within us.
Ralph Waldo Emerson


Protobuilder
Sergeant Commanding
Posts: 5038
Joined: Sat Dec 01, 2007 11:51 am

Re: Your laptop is infected with ransomware...

Post by Protobuilder »

If things are backed up and you have the software you need, wipe the thing clean and reinstall.
WildGorillaMan wrote:Enthusiasm combined with no skill whatsoever can sometimes carry the day.

Topic author
terra
Posts: 1318
Joined: Mon Feb 11, 2008 8:54 pm

Re: Your laptop is infected with ransomware...

Post by terra »

Thanks Proto.

So the data that I backed up onto the external drive won't contain any infection or bugs?
The internet told me that this type of malware targets and encrypts data files??
Hence thinking I might have to scan it from another source/PC before reloading onto the newly reset laptop?

Thanks again.
What lies behind us and what lies before us are tiny matters compared to what lies within us.
Ralph Waldo Emerson


ccrow
Gunny
Posts: 823
Joined: Mon Aug 21, 2006 5:19 pm

Re: Your laptop is infected with ransomware...

Post by ccrow »

I have had to clean up a number of these ransomware infections, a few ideas.

When these hit, they start encrypting data files pretty quick, so you must turn off the machine as soon as possible. You can safely boot the computer from a Linux boot disk to copy off any data that is not backed up. If you want to be really safe, before you wipe the hard drive, make a copy of the backups.

Malware can potentially corrupt some types of data files (MS office files, PDFs) but I haven't seen it actually happen. If you're selective about your backups you should be OK. Back up pictures, documents, etc., rather than whole folders. For example there is a good chance there is a bomb in your Downloads folder, don't just back up the entire Downloads folder.

The real deal crypto malware is tough to beat, but there are some copycats that don't use strong encryption, or use a small number of passwords for everyone. If you lose data, it might be recoverable if you got hit by one of the weak ones.

In one case, I found that the malware was extremely hard to remove, a type of rootkit. So the best thing to do is wipe the computer and restore from the installation media. If you don't have installation media (recovery disks, etc.) you can get it from the manufacturer. You could also just reinstall Windows from a generic Windows disk, although there may be some drivers to get afterwards, there won't be a bunch of crap programs.

There is a Cryptoprevent software available, which won't work against the current / nastiest variants, but is still worth checking out, even the less nasty ones are a major pain in the ass.

If you don't already have one, consider Carbonite or other backup service that gives you "continuous data protection."
But when I stand in front of the mirror and really look, I wonder: What the fuck happened here? Jesus Christ. What a beating!
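
A sketch of the selective restore described in the post above, as an added example that is not part of any poster's message: it walks a backup folder and flags files that are programs, carry a risky extension, contain Office macros, or no longer start with the bytes their extension implies (which is what a disguised or already-encrypted document looks like). The extension list, the magic-byte table and the sample files are constructed assumptions, and this check supplements an antivirus scan rather than replacing it.

```python
import os
import tempfile
import zipfile

# Illustrative lists, not exhaustive: extend them for your own data.
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs",
             ".hta", ".lnk", ".jar", ".ps1", ".msi"}
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG", ".docx": b"PK", ".xlsx": b"PK"}

def triage_file(path):
    """Return reasons a backed-up file should not be restored as-is."""
    reasons = []
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head.startswith(b"MZ"):
        reasons.append("executable-content")   # Windows program, whatever its name
    if ext in RISKY_EXT:
        reasons.append("risky-extension")
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        reasons.append("header-mismatch")      # disguised, damaged or encrypted
    if head.startswith(b"PK") and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                reasons.append("office-macros")
    return reasons

def triage_tree(root):
    """Walk a backup folder and map relative path -> reasons for flagged files."""
    findings = {}
    for folder, _, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            reasons = triage_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():  # builds a small constructed backup folder and triages it
    with tempfile.TemporaryDirectory() as root:
        samples = {"holiday.jpg": b"\xff\xd8\xff\xe0" + bytes(16),
                   "invoice.pdf.exe": b"MZ\x90\x00" + bytes(16),
                   "tax.pdf": b"\x8f\x13\xa7\x02" + bytes(16)}  # no %PDF header
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        with zipfile.ZipFile(os.path.join(root, "letter.docx"), "w") as zf:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
        return triage_tree(root)
```

Point `triage_tree()` at the external drive from a clean machine or a live boot disk, and restore only the files it does not flag after they have also passed an antivirus scan.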


TerryB
Sergeant Commanding
Posts: 9697
Joined: Fri Jun 06, 2008 1:17 pm

Re: Your laptop is infected with ransomware...

Post by TerryB »

What browser are you using?
"Know that! & Know it deep you fucking loser!"

Topic author
terra
Posts: 1318
Joined: Mon Feb 11, 2008 8:54 pm

Re: Your laptop is infected with ransomware...

Post by terra »

Great info thanks.
Will check through the downloads folder. Is there anything I'm looking for in particular or will the malware file(s) be hidden?
Also will use the wiped and newly re-freshed laptop to scan the data, whilst it is still on the external hard drive, before bringing it back over to the laptop. I have heard that this method allows virus/malware detection software to detect unfriendly files easier than when the data is actually on the infected PC.

The browser I used to use was Firefox but it was getting clunky, (as stated my laptop has been a bit slow and may have picked up other bugs here and there) so I switched to Chrome a few months ago.

Also, I had scored an SSD (solid state hard drive) for this laptop but haven't fitted it. I will fit it as part of this refresh, once I know it is safe to copy everything over to it. Will also clean out all the dust from the fans etc and generally give the old clunker a spruce-up whilst it's apart.
What lies behind us and what lies before us are tiny matters compared to what lies within us.
Ralph Waldo Emerson

nafod
Lifetime IGer
Posts: 12781
Joined: Sat Apr 22, 2006 5:01 pm
Location: Looking in your window

Re: Your laptop is infected with ransomware...

Post by nafod »

terra wrote:Also, I had scored an SSD (solid state hard drive) for this laptop but haven't fitted it. I will fit it as part of this refresh, once I know it is safe to copy everything over to it. Will also clean out all the dust from the fans etc and generally give the old clunker a spruce-up whilst it's apart.
Did you have a HD before? Man, what a difference an SSD makes.
Don’t believe everything you think.

Beer Jew
Sgt. Major
Posts: 3299
Joined: Sun Jan 16, 2011 6:35 pm

Re: Your laptop is infected with ransomware...

Post by Beer Jew »

I recently fitted an SSD into an old Dell XPS M1530 I had. It certainly makes a difference but I was a little underwhelmed.


TerryB
Sergeant Commanding
Posts: 9697
Joined: Fri Jun 06, 2008 1:17 pm

Re: Your laptop is infected with ransomware...

Post by TerryB »

terra wrote: The browser I used to use was Firefox but it was getting clunky
Hmmm....I've seen this before. Can you describe the clunk?
"Know that! & Know it deep you fucking loser!"

nafod
Lifetime IGer
Posts: 12781
Joined: Sat Apr 22, 2006 5:01 pm
Location: Looking in your window

Re: Your laptop is infected with ransomware...

Post by nafod »

Beer Jew wrote:I recently fitted an SSD into an old Dell XPS M1530 I had. It certainly makes a difference but I was a little underwhelmed.
Bummer

Everything I put an SSD into, boot up time and app start times are orders of magnitude faster.
Don’t believe everything you think.


TerryB
Sergeant Commanding
Posts: 9697
Joined: Fri Jun 06, 2008 1:17 pm

Re: Your laptop is infected with ransomware...

Post by TerryB »

Same here.
"Know that! & Know it deep you fucking loser!"

Topic author
terra
Posts: 1318
Joined: Mon Feb 11, 2008 8:54 pm

Re: Your laptop is infected with ransomware...

Post by terra »

Firefox just became slow and would 'hang' on certain tasks. Then every now and then it would not allow me to type text into fields on the screen. After trying to reload and upgrade and clear add-ons etc etc I just gave up and went to Chrome.
What lies behind us and what lies before us are tiny matters compared to what lies within us.
Ralph Waldo Emerson


TerryB
Sergeant Commanding
Posts: 9697
Joined: Fri Jun 06, 2008 1:17 pm

Re: Your laptop is infected with ransomware...

Post by TerryB »

Not "allow you to type text into fields"?
"Know that! & Know it deep you fucking loser!"


ccrow
Gunny
Posts: 823
Joined: Mon Aug 21, 2006 5:19 pm

Re: Your laptop is infected with ransomware...

Post by ccrow »

I have never had a bad or even mediocre experience with SSDs but I have talked to people that put them in and got good results for a little while, but before long meh. I just read about this

http://www.buildcomputers.net/trim-support.html

looks like it would be worth a shot in those cases.
But when I stand in front of the mirror and really look, I wonder: What the fuck happened here? Jesus Christ. What a beating!

Topic author
terra
Posts: 1318
Joined: Mon Feb 11, 2008 8:54 pm

Re: Your laptop is infected with ransomware...

Post by terra »

TerryB wrote:Not "allow you to type text into fields"?
Yeah. For instance typing on this forum. It would just not allow entering text into the text fields at all. There are threads out about it in Google land if you search. I tried some of the fixes but could never get it to cease completely, so just gave up on Firefox.
What lies behind us and what lies before us are tiny matters compared to what lies within us.
Ralph Waldo Emerson


TerryB
Sergeant Commanding
Posts: 9697
Joined: Fri Jun 06, 2008 1:17 pm

Re: Your laptop is infected with ransomware...

Post by TerryB »

What happened when you tried "typing on" other forums?
"Know that! & Know it deep you fucking loser!"


Protobuilder
Sergeant Commanding
Posts: 5038
Joined: Sat Dec 01, 2007 11:51 am

Re: Your laptop is infected with ransomware...

Post by Protobuilder »

If the ransomware has found its way into your Word files, you likely will need to wash out your entire hard drive.
WildGorillaMan wrote:Enthusiasm combined with no skill whatsoever can sometimes carry the day.


TerryB
Sergeant Commanding
Posts: 9697
Joined: Fri Jun 06, 2008 1:17 pm

Re: Your laptop is infected with ransomware...

Post by TerryB »

Protobuilder wrote:If the ransomware has found its way into your Word files, you likely will need to wash out your entire hard drive.
Hmmm

Proto is not particularly well-regarded for his technological savvy, but he may have stumbled upon an astute observation here.
"Know that! & Know it deep you fucking loser!"
